Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the 
application. The amendments to the claims find full support in the specification as filed. 

Listing of Claims:

1. (Currently Amended) A method of sharing security credentials between
devices of a user comprising: enabling at least one pervasive device to retrieve at least
one authentication token from at least one personal authentication gateway, the at least
one pervasive device comprising at least one automatic token client application and the at
least one personal authentication gateway comprising at least one token server
application, said method comprising the steps of:

ascertaining at least one personal authentication gateway device of the user from 
at least one pervasive device of the user, the at least one pervasive device comprising at 
least one automatic token client application and the at least one personal authentication 
gateway device comprising at least one token server application; by broadcasting a 
pervasive authentication domain discovery request message and receiving at least one
discovery response message from the at least one personal authentication gateway;

sending at least one token request from the at least one pervasive device to the at
least one personal authentication gateway device; and,

receiving a token response at the at least one pervasive device from the at least 
one personal authentication gateway device only if the at least one pervasive device is has 
been authorized[[,]] the at least one pervasive device being authorized by the steps
comprising: registering via configuring the at least one personal authentication gateway
device to recognize the at least one pervasive device as a registered member of a
pervasive authentication domain; and ascertaining if the at least one pervasive device is
within a given distance of the gateway as measured by signal strength of wireless
communication, wherein said gateway is integrated on a combined pervasive device

wherein when the security credentials are provided to the at least one
authentication gateway device, the at least one pervasive device that has been authorized
is enabled to retrieve the at least one authentication token.

2. (Cancelled) The method according to claim 1, wherein said ascertaining step 
comprises broadcasting a pervasive authentication domain discovery request message and 
receiving at least one discovery response message from the at least one personal 
authentication gateway. 

3. (Original) The method according to claim 1, wherein said ascertaining step 
comprises looking up a personal authentication gateway address in configuration settings. 

4. (Original) The method according to claim 1, wherein the at least one token 
request comprises a pervasive device identification, a message type, and a protection 
arrangement for fields of the at least one token request, the protection arrangement being 
adapted to ensure integrity and confidentiality. 

5. (Original) The method according to claim 1, wherein said receiving step 
comprises storing received credentials for use by other applications.

6. (Cancelled) The method according to claim 1, furthering comprising the step
of registering a pervasive device to be a member of a pervasive authentication domain by 
registering with a personal authentication gateway. 

7. (Currently Amended) A method of sharing security credentials between the
devices of a user comprising: enabling at least one personal authentication gateway to
distribute at least one authentication token to at least one authorized pervasive device, the
at least one personal authentication gateway comprising at least one token server and the
at least one pervasive device comprising at least one automatic token client, said method
comprising the steps of:

receiving at least one token request from at least one pervasive device of the user 
on at least one personal authentication gateway device of the user, the at least one
pervasive device comprising at least one automatic token client application and the at
least one personal authentication gateway device comprising at least one token server
application wherein the at least on pervasive device broadcasts a pervasive authentication
domain discovery request message to the at least one personal authentication gateway;

determining whether the at least one pervasive device is authorized to receive 
authentication tokens, wherein said determining step comprises: 

ascertaining if the at least one pervasive device has been registered
authorized via configuring the at least one personal authentication gateway device
to recognize the at least one pervasive device as a registered member of the a
pervasive authentication domain; and

ascertaining whether the at least one pervasive device is within a given
distance of the gateway as measured by signal strength of wireless
communication wherein said gateway is integrated on a combined pervasive
device; and

sending at least one token response to the at least one pervasive device from the at 
least one personal authentication gateway device[[;]] wherein said sending step comprises
the at least one personal authentication gateway responding to a pervasive authentication
domain discovery message from the at least one pervasive device;

wherein when the security credentials are provided to the at least one
authentication gateway device, the at least one pervasive device that has been authorized
is enabled to retrieve at the least one authentication token.

8. (Cancelled) The method according to claim 7, wherein said sending step 
comprises the at least one personal authentication gateway responding to a pervasive 
authentication domain discovery message from the at least one pervasive device. 

9. (Cancelled) The method according to claim 8; wherein: said at least one 
personal authentication gateway has a pervasive authentication domain; sending step 
comprises sending the at least one token response only if the pervasive device 
identification for the pervasive authentication domain discovery message is a member of 
the pervasive authentication domain of the at least one personal authentication gateway. 

10. (Original) The method according to claim 7, wherein said receiving step 
comprises: determining the pervasive device identification of the at least one token
request; deriving at least one pervasive authentication domain for the at least one
pervasive device; and retrieving at least one authentication token for the pervasive 
device. 

11. (Original) The method according to claim 7, wherein the at least one token
response sent comprises of a pervasive device identification, the message type, 
authentication tokens, and a protection arrangement for fields of the at least one token 
response, the protection arrangement being adapted to ensure integrity and 
confidentiality. 

12. (Cancelled) The method according to claim 7, furthering comprising the step 
of registering a pervasive device to be a member of a pervasive authentication domain by 
registering with a personal authentication gateway. 

13. (Currently Amended) The method according to claim 7, wherein said
registering ascertaining if the at least one pervasive device has been authorized step
comprises: entering the same random password on the pervasive device and the personal
authentication gateway; generating on the personal authentication gateway an encryption
key, Slave_ID_Secret, which is encrypted by the random password; transferring the
protected key to the pervasive device and computing a fingerprint of the protected key on
the personal authentication gateway; and comparing the fingerprint of the received and
decrypted protected key on the pervasive device.

14. (Original) The method according to claim 13, wherein the encryption key, 
Slave_ID_Secret, is used as a protection arrangement for token requests and token 
responses.

15. (Cancelled) The method according to claim 10, wherein said determining step
comprises validating that the at least one pervasive device has been registered for the at 
least one pervasive authentication domain. 

16. (Cancelled) The method according to claim 10, wherein said determining step 
comprises ascertaining whether the at least one pervasive device is within a given 
distance of the at least one personal authentication gateway. 

17. (Original) The method according to claim 10, wherein said determining step 
comprises ascertaining whether the at least one pervasive device has recently made a 
previous request. 

18. (Original) The method according to claim 10, wherein said determining step 
comprises ascertaining whether the at least one pervasive device has not sent a message 
indicating that the at least one pervasive device is no longer to be trusted. 

19. (Currently Amended) An apparatus for sharing security credentials between
devices of a user enabling at least one pervasive device to retrieve at least one
authentication token from at least one personal authentication gateway, said apparatus
comprising:

a discoverer which finds at least one personal authentication gateway device of 
the user capable of responding to token requests from at least one pervasive device of the 
user; 

a token requestor which sends at least one request for at least one token required 
by the at least one pervasive device; and

a token responder which accepts at least one token request and sends at least one
token response with at least one authentication token to the at least one pervasive device
only if the at least one pervasive device is has been authorized[[,]] the at least one
pervasive device being authorized by the steps comprising: registering via configuring
the at least one personal authentication gateway device to recognize the at least one
pervasive device as a registered member of a pervasive authentication domain; and
ascertaining if the at least one pervasive device is within a given distance of the gateway
as measured by signal strength of wireless communication, wherein said gateway is
integrated on a combined pervasive device

wherein when the security credentials are provided to the at least one
authentication gateway device, the at least one pervasive device that has been authorized
is enabled to retrieve the at least one authentication token.

20. (Original) The apparatus according to claim 19, wherein the at least one 
token request comprises a pervasive device identification, the message type, at least one 
authentication token, and a protection arrangement for fields of the at least one token 
request, the protection arrangement being adapted to ensure integrity and confidentiality. 

21. (Original) The apparatus according to claim 20, wherein said protection 
arrangement comprises Triple-DES encryption using a long key. 

22. (Original) The apparatus according to claim 21, wherein said long key is a 
secure hash comprised of a master secret known only to the personal authentication 
gateway, a pervasive device identification, and a pervasive authentication domain 
identification.

23. (Currently Amended) The apparatus according to claim 21, wherein said
long key is distributed to the at least one pervasive device during registration
authorization.

24. (Currently Amended) An apparatus for sharing security credentials between
devices of a user comprising means for enabling at least one personal authentication
gateway to distribute authentication tokens to at least one authorized pervasive device,
said apparatus comprising:

means for registering at least one pervasive device of the user for membership in a 
pervasive authentication domain; 

means for receiving a token request from at least one pervasive device, wherein 
the at least on pervasive device broadcasts a pervasive authentication domain discovery 
request message to the at least one personal authentication gateway device of the user;

means for determining whether the at least one pervasive device is has been 
authorized to receive authentication tokens[[,]] wherein said determining step comprises:
ascertaining if via configuring the at least one personal authentication gateway device to
recognize the at least one pervasive device has been registered as a registered member of
the pervasive authentication domain; and ascertaining whether the at least one pervasive
device is within a given distance of the gateway as measured by signal strength of
wireless communication, wherein said gateway is integrated on a combined pervasive
device; and

means for sending at least one token response to the at least one pervasive device
from the at least one personal authentication gateway;

wherein when the security credentials are provided to the at least one
authentication gateway device, the at least one pervasive device that has been authorized
is enabled to retrieve the authentication tokens.

25. (Currently Amended) A program storage device readable by machine, 
tangibly embodying a program of instructions executable by the machine to perform 
method steps for sharing security credentials between devices of a user enabling at least 
one pervasive device to retrieve at least one authentication token from at least one 
personal authentication gateway, the at least one pervasive device comprising at least one
automatic token client application and the at least one personal authentication gateway
comprising at least one token server application, said method comprising the steps of:

ascertaining at least one personal authentication gateway device of the user from 
at least one ervasive pervasive device of the user by broadcasting a pervasive
authentication domain discovery request message and receiving at least one discovery
response message from at least one personal authentication gateway device, the at least
one pervasive device comprising at least one automatic token client application and the at
least one personal authentication gateway device comprising at least one token server
application;

sending at least one token request from the at least one pervasive device to the at
least one personal authentication gateway device; and,

receiving a token response at the pervasive device from the at least one personal
authentication gateway only if the at least one pervasive device is has been authorized[[,]]
the at least one pervasive device being authorized by the steps comprising: registering via
configuring the at least one personal authentication gateway device to recognize the at 
least one pervasive device as a registered member of a pervasive authentication domain; 



gateway as measured by signal strength of wireless communication, wherein said
gateway is integrated on a combined pervasive device

wherein when the security credentials are provided to the at least one
authentication gateway device, the at least one pervasive device that has been authorized
is enabled to retrieve at least one authentication token.

26. (Currently Amended) A program storage device readable by machine, 
tangibly embodying a program of instructions executable by the machine to perform 
method steps for sharing security credentials between devices of a user enabling at least
one personal authentication gateway to distribute authentication tokens to at least one
authorized pervasive device, the at least one personal authentication gateway comprising
at least one token server and the at least one pervasive device comprising at least one
automatic token client, said method comprising the steps of:

receiving at least one token request from at least one pervasive device of the user 
on at least one personal authentication gateway device of the user, the at least one
pervasive device comprising at least one automatic token client application and the at
least one personal authentication gateway device comprising at least one token server
application wherein the at least on pervasive device broadcasts a pervasive authentication
domain discovery request message to the at least one personal authentication gateway;

determining whether the at least one pervasive device is authorized to receive 
authentication tokens, wherein said determining step comprises: 

ascertaining if the at least one pervasive device has been registered 
authorized via configuring the at least one personal authentication gateway device 
to recognize the at least one pervasive device as a registered member of the a 
pervasive authentication domain; and 

ascertaining whether the at least one pervasive device is within a given
distance of the gateway as measured by signal strength of wireless
communication, wherein said gateway is integrated on a combined pervasive
device; and

sending at least one token response to the at least one pervasive device from the at 
least one personal authentication gateway; 

wherein when the security credentials are provided to the at least one 
authentication gateway device, the at least one pervasive device that has been authorized 
is enabled to retrieve authentication tokens.

27. (Currently Amended) An article of manufacture comprising a computer 
usable medium having computer readable program code means embodied therein for 
causing a computer to effect a method for sharing security credentials between devices of 
a user of enabling at least one pervasive device to retrieve at least one authentication
token from at least one personal authentication gateway, the at least one pervasive device
comprising at least one automatic token client application and the at least one personal
authentication gateway comprising at least one token server application, said method
comprising the steps of: 

ascertaining at least one personal authentication gateway device of the user from 
at least one ervasive pervasive device of the user by broadcasting a pervasive 
authentication domain discovery request message and receiving at least one discovery 
response message from at least one personal authentication gateway device, the at least 
one pervasive device comprising at least one automatic token client application and the at 
least one personal authentication gateway device comprising at least one token server 
application;

sending at least one token request from the at least one pervasive device to the at
least one personal authentication gateway device, the at least one pervasive device having
an automatic token client; and,

receiving a token response at the pervasive device from the at least one personal 
authentication gateway only if the at least one pervasive device is has been authorized[[,]] 
the at least one pervasive device being authorized by the steps comprising: registering via
configuring the at least one personal authentication gateway device to recognize the at
least one pervasive device as a registered member of a pervasive authentication domain;
and ascertaining if the at least one pervasive device is within a given distance of the
gateway as measured by signal strength of wireless communication, wherein said
gateway is integrated on a combined pervasive device

wherein when the security credentials are provided to the at least one
authentication gateway device, the at least one pervasive device that has been authorized
is enabled to retrieve at least one authentication token.

28. (Currently Amended) An article of manufacture comprising a computer 
usable medium having computer readable program code means embodied therein for 
causing a computer to effect a method for sharing security credentials between devices of 
a user of enabling at least one personal authentication gateway to distribute at least one
authentication token to at least one authorized pervasive device, the at least one personal
authentication gateway comprising at least one token server and the at least one pervasive
device comprising at least one automatic token client, said method comprising the steps
of: 

receiving at least one token request from at least one pervasive device of the user 
on at least one personal authentication gateway device of the user, the at least one
pervasive device comprising at least one automatic token client application and the at
least one personal authentication gateway device comprising at least one token server
application wherein the at least on pervasive device broadcasts a pervasive authentication
domain discovery request message to the at least one personal authentication gateway;

determining whether the at least one pervasive device is authorized to receive 
authentication tokens, wherein said determining step comprises: 

ascertaining if the at least one pervasive device has been registered
authorized via configuring the at least one personal authentication gateway device
to recognize the at least one pervasive device as a registered member of the a
pervasive authentication domain; and

ascertaining whether the at least one pervasive device is within a given
distance of the gateway as measured by signal strength of wireless
communication, wherein said gateway is integrated on a combined pervasive
device; and

sending at least one token response to the at least one pervasive device from the at 
least one personal authentication gateway; 

wherein when the security credentials are provided to the at least one 
authentication gateway device, the at least one pervasive device that has been authorized 
is enabled to retrieve authentication tokens.

29. (Currently Amended) A computer program product comprising a computer 
usable medium having computer readable program code means embodied therein for 
sharing security credentials between devices of a user causing enablement of at least one
pervasive device to obtain authentication tokens from at least one personal authentication
gateway, the computer readable program code means in said computer program product
comprising computer readable program code means for causing a computer to effect an
apparatus for sharing security credentials between devices of a user enabling of at least
one pervasive device to retrieve at least one authentication token from at least one
personal authentication gateway, said apparatus comprising:

a discoverer which finds at least one personal authentication gateway device of
the user capable of responding to token requests from at least one pervasive device of the
user[[;]] wherein at least on pervasive device broadcasts a pervasive authentication
domain discovery request message to the at least one personal authentication gateway;

a token requestor which sends at least one request for at least one token required 
by at least one pervasive device; and 

a token responder which accepts at least one token request and sends at least one 
token response with at least one authentication token to the at least one pervasive device 
only if the at least one pervasive device is has been authorized[[,]] the at least one 
pervasive device being authorized by the steps comprising: registering via configuring
the at least one personal authentication gateway device to recognize the at least one
pervasive device as a registered member of a pervasive authentication domain; and
ascertaining if the at least one pervasive device is within a given distance of the gateway
as measured by signal strength of wireless communication, wherein said gateway is
integrated on a combined pervasive device

wherein when the security credentials are provided to the at least one
authentication gateway device, the at least one pervasive device that has been authorized
is enabled to retrieve the at least one authentication token.